> Like all functions which provide relevant information about the
> system, the find-users-by-name function should probably be limited to
> dba users only (if it is not already, though I guess it is)?
No its not, its limited to any authenticated user. Which is actually
pretty much how it works in Linux with the /etc/passwd rights as far
as I can see.
--
Adam Retter
eXist Developer
{ United Kingdom }
adam@...
irc://irc.freenode.net/existdb

Like all functions which provide relevant information about the
system, the find-users-by-name function should probably be limited to
dba users only (if it is not already, though I guess it is)?
Wolfgang

>> Auto-complete for usernames
>
> I know biblio is just a demo....but this smells of a serious security flaw to me, if the description
> is indicative of what I think it is.
Yes it is what it says it is.
Whilst I agree that you should not volunteer information, on the flip side -
Never EVER consider your username as a secure artifact or a mechanism
for authentication, almost every large network that I have
authenticated with makes use of a username scheme that can easily be
guessed or mined. e.g. firstname.lastname (adam.retter) or
initiallastname (aretter) or worse an email address e.g.
(adam.retter@... or adam@...).
So... IMHO... Usernames are not secure information!
> Just sayin'....
Likewise ;-)
> --
> Andrzej Taramina
> Chaeron Corporation: Enterprise System Solutions
> http://www.chaeron.com
>
--
Adam Retter
eXist Developer
{ United Kingdom }
adam@...
irc://irc.freenode.net/existdb

Community

Help

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

I agree to receive quotes, newsletters and other information from sourceforge.net and its partners regarding IT services and products. I understand that I can withdraw my consent at any time. Please refer to our Privacy Policy or Contact Us for more details